If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Help with understanding log entry

Hello Group,
I have a Linksys router and a Windows XP SP3 computer. My software
firewall is Deerfield Visnetic. Lately I notice log entries when I
boot up (and continuing) which seem to suggest that the router is
trying to send the computer a UDP packet.

Re: Help with understanding log entry

First off, how can you just "write a rule to permit it" if you do not
understand what it is?
Your router is sending SNMP traps. Go to its setup and disable it. If
you plan on using SNMP monitoring, then configure a specific IP address,
not the entire subnet.

On 8/29/2010 5:50 AM, JClark wrote:
> Hello Group,
> I have a Linksys router and a Windows XP SP3 computer. My software
> firewall is Deerfield Visnetic. Lately I notice log entries when I
> boot up (and continuing) which seem to suggest that the router is
> trying to send the computer a UDP packet.
>
> Log:
> Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
> source port varies anywhere from 9555 to 9599
> destination port is 162
>
> What does this mean?
> Should I write a rule to permit it?
>
> Many thanks for any clarification.
>
> Jack

Re: Help with understanding log entry

iggster wrote:
> JClark wrote:
>
>> I have a Linksys router

Linksys has lots of models. Not a clue which one the OP happens to use.
>> Lately I notice [firewall] log entries when I boot up (and
>> continuing) which seem to suggest that the router is trying to send
>> the computer a UDP packet.
>>
>> Log:
>> Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
>> source port varies anywhere from 9555 to 9599
>> destination port is 162
>>
>> What does this mean?
> Your router is sending SNMP traps. Go to its setup and disable it. If
> you plan on using SNMP monitoring, then configure a specific IP address,
> not the entire subnet.

You sure the traffic isn't due to UPnP discovery by the router? The OP
should see if the traffic stops if UPnP is disabled in the router's
configuration.

Re: Help with understanding log entry

On 8/29/2010 10:13 PM, VanguardLH wrote:
> iggster wrote:
>
>> JClark wrote:
>
>>> I have a Linksys router
>
> Linksys has lots of models. Not a clue which one the OP happens to use.
>
>>> Lately I notice [firewall] log entries when I boot up (and
>>> continuing) which seem to suggest that the router is trying to send
>>> the computer a UDP packet.
>>>
>>> Log:
>>> Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
>>> source port varies anywhere from 9555 to 9599
>>> destination port is 162
>>>
>>> What does this mean?
>
>> Your router is sending SNMP traps. Go to its setup and disable it. If
>> you plan on using SNMP monitoring, then configure a specific IP address,
>> not the entire subnet.
>
> You sure the traffic isn't due to UPnP discovery by the router? The OP
> should see if the traffic stops if UPnP is disabled in the router's
> configuration.
>
You are correct. I over-estimated the capabilities of Linksys. It most
likely IS the discovery bcast.
> http://msdn.microsoft.com/en-us/library/ms885488.aspx
> http://en.wikipedia.org/wiki/Upnp#Discovery
>
>> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---
>
> Another user spamming in a non-signature on behalf of their NSP.
Huh? Spamming?

They are appending their promotional (spam) text onto your posts. That
spam isn not in a signature (there is no sigdash line). That means all
of your posts through them are spam. You have elected to be their
spamming affiliate.

Re: Help with understanding log entry

On 8/31/2010 4:46 AM, VanguardLH wrote:
> iggster wrote:
>
> VanguardLH wrote:
>>
>>> iggster wrote:femfensive, no
>>>
>>>> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---
>>>
>>> Another user spamming in a non-signature on behalf of their NSP.
>>
>> Huh? Spamming?
>
> They are appending their promotional (spam) text onto your posts. That
> spam isn not in a signature (there is no sigdash line). That means all
> of your posts through them are spam. You have elected to be their
> spamming affiliate.
This is the news server I use. _One_ line at the end of my posting is
not really offensive, now is it really? I "have elected" to use one of
not so many free news servers. Why this is such a big deal to you that
you "have elected" to waste my time and yours on this discussion that
has nothing to do with the OP? Casual flaming is very easy but most
times it is just a meaningless, well, flaming.
Regards,

Re: Help with understanding log entry

iggster <fryphil@nomailatall.com> wrote:
> On 8/31/2010 4:46 AM, VanguardLH wrote:
>> iggster wrote:
>>> VanguardLH wrote:
>>>> Another user spamming in a non-signature on behalf of their NSP.
>>>
>>> Huh? Spamming?
>>
>> They are appending their promotional (spam) text onto your posts.
>> That spam isn not in a signature (there is no sigdash line). That
>> means all of your posts through them are spam. You have elected to
>> be their spamming affiliate.
>
> This is the news server I use. _One_ line at the end of my posting is
> not really offensive, now is it really? I "have elected" to use one of
> not so many free news servers. Why this is such a big deal to you that
> you "have elected" to waste my time and yours on this discussion that
> has nothing to do with the OP?

Because unsolicited advertisements, like those your news provider
appends to each of your postings, are commonly known as "spam". Which is
frowned upon in most any part of Internet and Usenet I had to do with.

Of course the decision whether you want to support spam is entirely up
to you.

Score adjusted. F'up2p.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Help with understanding log entry

iggster wrote:
> VanguardLH wrote:
>
>> iggster wrote:
>>
>> VanguardLH wrote:
>>>
>>>> iggster wrote:femfensive, no
>>>>
>>>>> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---
>>>>
>>>> Another user spamming in a non-signature on behalf of their NSP.
>>>
>>> Huh? Spamming?
>>
>> They are appending their promotional (spam) text onto your posts. That
>> spam isn not in a signature (there is no sigdash line). That means all
>> of your posts through them are spam. You have elected to be their
>> spamming affiliate.
>
> This is the news server I use. _One_ line at the end of my posting is
> not really offensive, now is it really? I "have elected" to use one of
> not so many free news servers. Why this is such a big deal to you that
> you "have elected" to waste my time and yours on this discussion that
> has nothing to do with the OP? Casual flaming is very easy but most
> times it is just a meaningless, well, flaming.
> Regards,
>
> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---

Now you are trying to qualify your, er, their spam as not spam. "No,
officer, I only stuck him once with the dagger". I /elected/ to use
free Teranews but immediately dropped them the next day after noticing
they spamified all my posts (I believe they stopped that practice but
that was long after I dropped their service for spamifying my posts).

Being a free NSP doesn't give them a free pass to spam. They're
spamming their service. If you continue using them, you choose to
continue being their spam affiliate. There are plenty of other "not so
many free news servers" that do NOT spamify their users' posts.

So you think it's okay for a free NSP to put a one-liner spam (and NOT
after a sigdash line) in every post submitted through them. So, if they
switched to promoting Viagra or other crap than that is okay, too. That
they are advertising their service doesn't change that it is spam. That
they deliberately NOT place it after a sigdash is their attempt to
ensure that others see their spam (because many newsreaders will strip
out signatures and they certainly don't want their spam to be hidden).

Re: Help with understanding log entry

On Sun, 29 Aug 2010 12:48:10 -0400, iggster <fryphil@nomailatall.com>
wrote:
>Your router is sending SNMP traps. Go to its setup and disable it
Thank you. That does help to explain it. I must now research the
details of the subject you have introduced me to.

The manual should describe how to configure the router's behaviors.
They list even my ancient BEFSR41 router there. Of course, if you have
the manual you could read it to see if the UPnP option is described.
You could just connect to the router's web server (perhaps athttp://192.168.1.1) to go look through its configuration screens to see
if there is a UPnP option. If you find one, disable it to see if the
mysterious traffic ceases.